Practitioner's Docket No. NAI1P351/01.012.01 PATENT

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
In re application of: Mark J. McArdle et al.

Application No.: 09/900,002 Group No.: 2143

Filed: 07/05/2001 Examiner: Pwu, J.

For: CONTROL OF INTERACTIONS BETWEEN CLIENT COMPUTER APPLICATIONS AND
NETWORK RESOURCES

Mail Stop Appeal Briefs - Patents
Commissioner for Patents
P.O. Box 1450
Alexandria, VA 22313-1450

TRANSMITTAL OF APPEAL BRIEF 
(PATENT APPLICATION-37 C.F.R. § 41.37) 

1. Transmitted herewith is the APPEAL BRIEF in this application, with respect to the Notice of 
Appeal filed on July 21, 2005. 

2. STATUS OF APPLICANT 

This application is on behalf of other than a small entity. 



CERTIFICATION UNDER 37 C.F.R. §§ 1.8(a) and 1.10* 

(When using Express Mail, the Express Mail label number is mandatory; 
Express Mail certification is optional) 

I hereby certify that, on the date shown below, this correspondence is being:

MAILING

_ deposited with the United States Postal Service in an envelope addressed to the Commissioner for Patents, P.O. Box 1450, Alexandria, VA
22313-1450.

37 C.F.R. § 1.8(a)
with sufficient postage as first class mail.

37 C.F.R. § 1.10*
_ as "Express Mail Post Office to Addressee"
Mailing Label No. (mandatory)

TRANSMISSION
facsimile transmitted to the Patent and Trademark Office, (571) 273-8300.



Date: 




Erica L. Farlow 



(type or print name of person certifying) 



* Only the date of filing (§ 1.6) will be the date used in a patent term adjustment calculation, although the date on any certificate of mailing or
transmission under § 1.8 continues to be taken into account in determining timeliness. See § 1.703(f). Consider "Express Mail Post Office to
Addressee" (§ 1.10) or facsimile transmission (§ 1.6(d)) for the reply to be accorded the earliest possible filing date for patent term adjustment
calculations.

Transmittal of Appeal Brief-page 1 of 2

3. FEE FOR FILING APPEAL BRIEF

Pursuant to 37 C.F.R. § 41.20(b)(2), the fee for filing the Appeal Brief is: 

other than a small entity $500.00 
Appeal Brief fee due $500.00 

4. EXTENSION OF TERM 

The proceedings herein are for a patent application and the provisions of 37 C.F.R. 1.136 apply.

Applicant believes that no extension of term is required. However, this conditional petition is being 
made to provide for the possibility that applicant has inadvertently overlooked the need for a 
petition and fee for extension of time. 

5. TOTAL FEE DUE

The total fee due is:

Appeal brief fee          $500.00
Extension fee (if any)    $0.00

TOTAL FEE DUE             $500.00

6. FEE PAYMENT

Authorization is hereby made to charge the amount of $500.00 to Deposit Account No. 50-1351
(Order No. NAI1P351).

A duplicate of this transmittal is attached.

7. FEE DEFICIENCY

If any additional extension and/or fee is required, and if any additional fee for claims is required,




Reg. No.: 41,429 
Tel. No.: 408-971-2573 
Customer No.: 28875 



Signature of Practitioner 

Kevin J. Zilka

Zilka-Kotab, PC 

P.O. Box 721120 

San Jose, CA 95172-1120 

USA 

PATENT

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

In re application of: McArdle et al.

Art Unit: 2143

Application No. 09/900,002

Examiner: Pwu, Jeffrey C.

Filed: July 5, 2001

Date: August 3, 2005

For: CONTROL OF INTERACTIONS BETWEEN CLIENT COMPUTER APPLICATIONS AND
NETWORK RESOURCES

Commissioner for Patents
P.O. Box 1450
Alexandria, VA 22313-1450

ATTENTION: Board of Patent Appeals and Interferences

APPEAL BRIEF (37 C.F.R. § 41.37)

This brief is in furtherance of the Notice of Appeal, filed in this case on July 21, 2005.

The fees required under § 1.17, and any required petition for extension of time for filing
this brief and fees therefore, are dealt with in the accompanying TRANSMITTAL OF
APPEAL BRIEF.

This brief contains these items under the following headings, and in the order set forth
below (37 C.F.R. § 41.37(c)(1)):

I REAL PARTY IN INTEREST

II RELATED APPEALS AND INTERFERENCES

III STATUS OF CLAIMS

IV STATUS OF AMENDMENTS

V SUMMARY OF CLAIMED SUBJECT MATTER

VI GROUNDS OF REJECTION PRESENTED FOR REVIEW

VII ARGUMENTS

VIII APPENDIX OF CLAIMS INVOLVED IN THE APPEAL

IX APPENDIX LISTING ANY EVIDENCE RELIED ON BY THE APPELLANT
IN THE APPEAL

The final page of this brief bears the practitioner's signature.

I REAL PARTY IN INTEREST (37 C.F.R. § 41.37(c)(1)(i))

The real party in interest in this appeal is McAfee, Inc.

II RELATED APPEALS AND INTERFERENCES (37 C.F.R. § 41.37(c)(1)(ii))

With respect to other prior or pending appeals, interferences, or related judicial
proceedings that will directly affect, or be directly affected by, or have a bearing on the
Board's decision in the pending appeal, there are no other such appeals, interferences, or
related judicial proceedings.

Since no such proceedings exist, no Related Proceedings Appendix is appended hereto.

III STATUS OF CLAIMS (37 C.F.R. § 41.37(c)(1)(iii))

A. TOTAL NUMBER OF CLAIMS IN APPLICATION 

Claims in the application are: 1-29 

B. STATUS OF ALL THE CLAIMS IN APPLICATION 

1. Claims withdrawn from consideration: None

2. Claims pending: 1-29 

3. Claims allowed: None 

4. Claims rejected: 1-29 

C. CLAIMS ON APPEAL 

The claims on appeal are: 1-29 

See additional status information in the Appendix of Claims.

IV STATUS OF AMENDMENTS (37 C.F.R. § 41.37(c)(1)(iv))

As to the status of any amendment filed subsequent to final rejection, an amendment
was filed under final on June 3, 2005, and was not entered.

V SUMMARY OF CLAIMED SUBJECT MATTER (37 C.F.R. § 41.37(c)(1)(v))

With respect to a summary of Claim 1 et al., as shown in Figure 2, a computerized
method for restricting network access by applications is provided. In use, a network
access request from an application is detected (e.g. item 205 of Figure 2). An
application policy file is examined to determine if the application is authorized to
access the network by comparing an identifier for the application with identifiers in
the application policy file that correspond to applications authorized for installation
on computers coupled to the network (e.g. item 207 of Figure 2). As a result, access
to the network is blocked if the application is not authorized to access the network
(e.g. item 209 of Figure 2). Note page 7, line 1-page 8, line 17, for example.

With respect to a summary of Claim 18, the above summary is incorporated, at least
in part, by reference. Further, as shown in Figure 3, an application identifier field is
provided that contains data identifying an application that is authorized for
installation on computer coupled to a network (e.g. item 303 of Figure 3). Also
included is a network identifier field that contains data identifying a entity that is
accessible by the application identified by the application identifier field (e.g. item
307 of Figure 3). Still yet, an access flag field is included which contains data
specifying whether the application identified by the application identifier field is
allowed access to the entity identified by the network identifier field (e.g. item 309
of Figure 3). Note page 8, line 18-page 9, line 19, for example.
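
The check summarized above, sketched as an added example; it is not code from the brief, the application, or any McAfee product. The field names, the file-name identifier, the deny-takes-precedence and default-deny choices, the response values and the sample entries are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicyEntry:
    app_id: str        # application identifier field (assumed: executable file name)
    network_id: str    # network identifier field: address range (CIDR) or UNC path
    allowed: bool      # access flag field
    access_types: frozenset = frozenset()  # additional policy rule; empty = any type
    response: str = "block"                # response field: action when not allowed


@dataclass(frozen=True)
class AccessRequest:
    app_id: str        # identifier carried in the network access request
    target: str        # IP address or UNC path the application wants to reach
    access_type: str   # assumed vocabulary: "connect", "read", "write", ...


def resource_matches(network_id, target):
    """True if target falls inside the entity named by network_id."""
    if network_id.startswith("\\\\"):
        # UNC path: case-insensitive match on whole path components, so that
        # \\srv\backups does not also cover \\srv\backups2.
        nid = network_id.rstrip("\\").lower()
        tgt = target.lower()
        return tgt == nid or tgt.startswith(nid + "\\")
    try:
        return ipaddress.ip_address(target) in ipaddress.ip_network(network_id)
    except ValueError:
        return False   # target is not an IP address, or the range is malformed


def evaluate(policy, req):
    """Return (decision, reason); decision is "allow" or the entry's response."""
    entries = [e for e in policy if e.app_id.lower() == req.app_id.lower()]
    if not entries:
        # Identifier not among the authorized applications: block.
        return ("block", "application not listed in policy file")
    matching = [e for e in entries if resource_matches(e.network_id, req.target)]
    if not matching:
        return ("block", "no entry covers the requested resource")
    for e in matching:             # assumption: an explicit deny wins over an allow
        if not e.allowed:
            return (e.response, "access flag denies this resource")
    for e in matching:
        if not e.access_types or req.access_type in e.access_types:
            return ("allow", "authorized for resource and access type")
    return (matching[0].response, "access type not permitted")


def reevaluate(policy, active):
    """After a policy update, return the live requests that must now be blocked."""
    return [r for r in active if evaluate(policy, r)[0] != "allow"]


# Constructed sample policy and traffic (not taken from the application).
POLICY_V1 = [
    PolicyEntry("mailclient.exe", "10.1.0.0/16", True, frozenset({"connect"})),
    PolicyEntry("backup.exe", r"\\fileserver\backups", True,
                frozenset({"read", "write"})),
    PolicyEntry("backup.exe", r"\\fileserver\backups\payroll", False,
                response="block_and_alert"),
]
# Updated policy: mailclient.exe is no longer an authorized application.
POLICY_V2 = [e for e in POLICY_V1 if e.app_id != "mailclient.exe"]

ACTIVE = [
    AccessRequest("MailClient.exe", "10.1.4.20", "connect"),
    AccessRequest("backup.exe", r"\\fileserver\backups\daily.bak", "write"),
]

if __name__ == "__main__":
    for r in ACTIVE:
        print(r.app_id, r.target, evaluate(POLICY_V1, r))
    print("blocked after update:", reevaluate(POLICY_V2, ACTIVE))
```
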

VI GROUNDS OF REJECTION PRESENTED FOR REVIEW
(37 C.F.R. § 41.37(c)(1)(vi))

Following, under each issue listed, is a concise statement setting forth the corresponding
ground of rejection.

Issue #1: The Examiner has rejected Claims 26 and 27 under 35 U.S.C. 112, second
paragraph.

Issue #2: The Examiner has rejected Claims 1-25 and 28-29 under 35 U.S.C. 102(b) as
being anticipated by Ginter et al., U.S. Patent No. 5,892,900.

VII ARGUMENTS (37 C.F.R. § 41.37(c)(1)(vii))

The claims of the groups noted below do not stand or fall together. In the present
section, appellant explains why the claims of each group are believed to be separately
patentable.

Issue #1:

The Examiner has rejected Claims 26 and 27 under 35 U.S.C. 112, second paragraph.

Group #7: Claims 26 and 27 

The Examiner has stated that there is insufficient antecedent basis for the "DNS service" 
limitation in Claim 26 and has rejected Claim 27 as being dependent on Claim 26. 
Appellant respectfully disagrees with this rejection, as an "a" is not necessary in this 
instance, in view of the nature of the term "DNS service." 

Issue #2:

The Examiner has rejected Claims 1-25 and 28-29 under 35 U.S.C. 102(b) as being
anticipated by Ginter et al., U.S. Patent No. 5,892,900.

Group #1: Claims 1, 7, 12, 17, and 29

With respect to independent Claim 1 et al., the Examiner has failed to make any 
prior art showing of appellant's claimed "detecting a network access request from an 
application" (see this or similar, but not identical language in each of the foregoing 
claims). Appellant respectfully asserts that nowhere in Ginter is there any teaching 
of such claim language, especially in view of the fact that the only "access request" 
disclosed by Ginter relates to user access and not an access request from an 
application, as claimed by appellant. 



In addition, the Examiner has relied on Ginter's disclosure of "rules and controls" 
(Fig. 2A) and "permissions record" (Fig. 5A, item 808) to make a prior art showing 
of appellant's claimed "examining an application policy file" (see this or similar, but
not identical language in each of the foregoing claims). However, Ginter's rules and 
controls only relate to the distribution of content (see Col. 56, lines 6-11) and 
Ginter's permissions record merely relates to rights associated with an object where 
that object is a container with content (see Col. 59, lines 14-15 and 44-45). Thus, 
such teachings clearly do not meet appellant's application policy file since nowhere 
in Ginter is there even any mention of a policy file associated with an application. 

Furthermore, with respect to appellant's claimed "...to determine if the application
is authorized to access the network by comparing an identifier for the application 
with identifiers in the application policy file that correspond to applications 
authorized for installation on computers coupled to the network" (see this or similar, 
but not identical language in each of the foregoing claims), the Examiner has relied 
on Ginter's virtual distribution environment (Figs. 69A-69M). 

Appellant respectfully asserts that after careful review of Ginter's virtual distribution 
environment, it is clear that there is simply no disclosure of any sort of "comparing 
an identifier for the application with identifiers in the applications policy file that 
correspond to applications authorized for installation" (emphasis added). Ginter
simply teaches encrypting installation materials using secret keys and a registry with
decryption keys that are supplied on demand during a registration process (Col. 237,
lines 4-20; Fig. 69A, items 3474 and 3478). Simply utilizing secret keys for
decrypting an encrypted installation program, as disclosed by Ginter, in no way meets
appellant's specific claim language, namely comparing identifiers where the
"applications policy file [includes identifiers for] applications [that are] authorized
for installation."

The Examiner is reminded that a claim is anticipated only if each and every element 
as set forth in the claim is found, either expressly or inherently described in a single 
prior art reference. Verdegaal Bros. v. Union Oil Co. Of California, 814 F.2d 628, 
631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). Moreover, the identical invention 
must be shown in as complete detail as contained in the claim. Richardson v.
Suzuki Motor Co., 868 F.2d 1226, 1236, 9 USPQ2d 1913, 1920 (Fed. Cir. 1989). The
elements must be arranged as required by the claim.

This criterion has simply not been met by the Ginter reference, since each element as
set forth in the claims has not been met, as noted above.

Group #2: Claims 2, 8 and 13

The Examiner has relied on Ginter's disclosure of assigning "each person using an 
electronic appliance 600...a set of permitted sensitivity attributes to designate those
documents, or one or more portions of certain documents types, which could be
processed in certain one or more ways, by the person's electronic appliance" (Col.
302, line 40-Col. 303, line 39) to make a prior art showing of appellant's claimed
"determining a network resource requested by the application; examining the
application policy file to determine if the application is authorized to access the
network resource; and allowing access to the network resource if the application is 
authorized to access the network resource." Appellant respectfully asserts that 
Ginter merely teaches user permissions with respect to accessing documents, and not 
application permissions with respect to accessing a network resource, in the manner 
claimed by appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #3: Claims 3, 9 and 14

The Examiner has relied on Col. 302, line 40-Col. 303, line 39 of Ginter to make a 
prior art showing of appellant's claimed "determining a type of network access 
requested by the application; examining the application policy file to determine if 
the application is authorized for the type of network access requested; and allowing 
the type of network access requested if the application is authorized for the type of 
network access requested." Again, appellant respectfully asserts that Ginter merely 
teaches user permissions with respect to accessing documents, and not application 
permissions with respect to a type of network access, in the manner claimed by 
appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #4: Claims 4, 10 and 15

The Examiner has relied on Col. 302, line 40-Col. 303, line 39 of Ginter to make a
prior art showing of appellant's claimed "updating the application policy file; and
re-evaluating applications currently executing against the updated policy file."
Appellant respectfully asserts that the only modification made to document control 
policies as disclosed in Ginter relates to the original creation of the control policies 
and the different types of controls that may be placed on a document. There is 
simply no disclosure of any type of update, and especially not of re-evaluating an 
updated policy file in the manner claimed by appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 



Group #5: Claims 5, 11 and 16

The Examiner has relied on Figures 5A and 5B of Ginter to make a prior art 
showing of appellant's claimed "wherein the application identifier is in the network 
access request." However, the referenced figures merely teach a permissions record, 
which relates to rights associated with an object where that object is a container with 
content (see Col. 59, lines 14-15 and 44-45). There is simply no such application 
identifier that is included in the network access request, in the manner claimed by 
appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 



Group #6: Claim 6 

The Examiner has relied on Ginter 112 to make a prior art showing of appellant's
claimed "wherein the method is performed on a client computer on which the
application is executing." Appellant assumes that the Examiner was referring to
Figure 2A, item 112, which simply discloses a content user that uses content in
accordance with rules and controls (see Col. 56, lines 28-29). A content user that is
subject to rules and controls for the specific content simply does not teach "a client
computer on which the application is executing," particularly because there is
simply no mention of a client computer nor the execution of an application in
Ginter.

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #7: Claims 18 and 21

The Examiner has relied on the same rejections as given with respect to the
arguments made with respect to Group #1 of Issue #2 above. Thus, for the same or
similar reasons as given above, appellant respectfully asserts that the Ginter
reference does not meet appellant's specific claim language. Furthermore, it seems
the Examiner has relied on Ginter's broad disclosure of VDE's ability to provide
generalized configurability (Col. 12, line 18-Col. 12, line 67) to make a prior art
showing of appellant's claimed "field[s]." However, Ginter merely teaches that
such configurability arises from requirements for supporting electronic commerce 
and data security, but not the specific items capable of being configured. Thus, there 
is simply no teaching in Ginter of appellant's specific claim language, and in 
particular there is no teaching of any sort of "application identifier field," "network 
identifier field," and "access flag field," in the context claimed by appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #P: Claim 19 

The Examiner has relied on Ginter's disclosure of VDE (Col. 3, line 18-Col. 13, line 
67) to make a prior art showing of appellant's claimed "application identifier field" 
and "network identifier field." However, appellant respectfully asserts that Ginter 
does not disclose any type of "application identifier field" or "network identifier 
field," as claimed by appellant. 

Again, each element as set forth in the claims has not been met by the Ginter
reference, as noted above. 

Group #10: Claim 20 

The Examiner has relied on Ginter's disclosure of VDE (Col. 3, line 18-Col. 13, line
67) to make a prior art showing of appellant's claimed "response field." However,
appellant respectfully asserts that Ginter does not disclose any type of "response 
field" as claimed by appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #11: Claim 22 

The Examiner has relied on Ginter's disclosure of VDE (Col. 3, line 18-Col. 13, line 
67) to make a prior art showing of appellant's claimed "application identifier." 
However, appellant respectfully asserts that Ginter does not disclose any type of 
"application identifier," let alone an application identifier that is either a file name of 
the application or a path on the network, as claimed by appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #12: Claim 23 

The Examiner has relied on Ginter's disclosure of VDE (Col. 3, line 18-Col. 13, line 
67) to make a prior art showing of appellant's claimed "plurality of the application 
identifiers." However, appellant respectfully asserts that Ginter does not disclose 
any type of "plurality of the application identifiers," as claimed by appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #13: Claim 24

The Examiner has relied on Ginter's disclosure of "Document Control Policies"
(Col. 302, line 40-Col. 303, line 39) to make a prior art showing of appellant's
claimed technique "wherein each application entry in the application policy file
comprises a set of access policy rules for one of a network and a network resource
identified by the network identifier." Ginter's document control policies relate to
user permissions with respect to accessing documents, and not application
permissions with respect to a network or network resource, in the manner claimed
by appellant.

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #14: Claim 25 

The Examiner has relied on Ginter's disclosure of VDE (Col. 3, line 18-Col. 13, line 
67) to make a prior art showing of appellant's claimed "network identifier [that is] a 
Universal Naming Convention path [or] a network address range." However, 
appellant respectfully asserts that Ginter does not disclose any type of "network 
identifier [that is] a Universal Naming Convention path [or] a network address 
range," as claimed by appellant. 

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

Group #15: Claim 28 

The Examiner has relied on Ginter's document control policies (Col. 302, line 40-
Col. 303, line 39) to make a prior art showing of appellant's claimed technique
"where the application policy file includes an application identifier, a network
identifier, an access flag, additional policy rules, and at least on application entry."
Appellant respectfully asserts that Ginter's document control policies relate to user
permissions with respect to accessing documents, which would only require a
designation of the user, the document, permissions with respect to the particular user
and document, and would not require, nor suggest, an application identifier, a
network identifier, additional policy rules, or an application entry since such method
in Ginter does not relate to an application accessing a network, in the manner
claimed by appellant.

Again, each element as set forth in the claims has not been met by the Ginter 
reference, as noted above. 

In view of the remarks set forth hereinabove, all of the independent claims are deemed 
allowable, along with any claims depending therefrom. 




VIII APPENDIX OF CLAIMS (37 C.F.R. § 41.37(c)(1)(viii))

The text of the claims involved in the appeal (along with associated status information) 
is set forth below: 

1. (Previously Presented) A computerized method for restricting network access by
applications comprising: 

detecting a network access request from an application; 

examining an application policy file to determine if the application is 
authorized to access the network by comparing an identifier for the application with 
identifiers in the application policy file that correspond to applications authorized for 
installation on computers coupled to the network; and 

blocking access to the network if the application is not authorized to access
the network.

2. (Original) The method of claim 1 further comprising: 

determining a network resource requested by the application; 

examining the application policy file to determine if the application is 
authorized to access the network resource; and 

allowing access to the network resource if the application is authorized to 
access the network resource. 

3. (Original) The method of claim 1 further comprising: 

determining a type of network access requested by the application; 

examining the application policy file to determine if the application is 
authorized for the type of network access requested; and 

allowing the type of network access requested if the application is authorized 
for the type of network access requested. 

4. (Original) The method of claim 1 further comprising: 

updating the application policy file; and 

re-evaluating applications currently executing against the updated policy file. 

5. (Previously Amended) The method of claim 1, wherein the application identifier
is in the network access request. 

6. (Original) The method of claim 1, wherein the method is performed on a client 
computer on which the application is executing. 

7. (Previously Presented) A computer-readable medium having executable 
instruction to cause a computer to perform a method comprising: 

detecting a network access request from an application; 

examining an application policy file to determine if the application is 
authorized to access the network by comparing an identifier for the application with 
identifiers in the application policy file that correspond to applications authorized for 
installation on computers coupled to the network; and 

blocking access to the network if the application is not authorized to access
the network.

8. (Original) The computer-readable medium of claim 7, wherein the method
further comprises:

determining a network resource requested by the application; 

examining the application policy file to determine if the application is 
authorized to access the network resource; and 

allowing access to the network resource if the application is authorized to 
access the network resource. 

9. (Original) The computer-readable medium of claim 7, wherein the method
further comprises:

determining a type of network access requested by the application; 

examining the application policy file to determine if the application is 
authorized for the type of network access requested; and 

allowing the type of network access requested if the application is authorized 
for the type of network access requested. 

10. (Original) The computer-readable medium of claim 7, wherein the method
further comprises: 

updating the application policy file; and 

re-evaluating applications currently executing against the updated policy file. 

11. (Previously Presented) The computer-readable medium of claim 7, wherein the
application identifier is in the network access request. 

12. (Previously Presented) A computer system comprising: 

a processing unit; 

a memory coupled to the processing unit through a bus; 

a network interface coupled to the processing unit through the bus and 
further operable for coupling to a network; and 

an application policy process executed from the memory by the processing 
unit to cause the processing unit to detect a network access request from an 
application, to examine an application policy file to determine if the application is 
authorized to access the network by comparing an identifier for the application with 
identifiers in the application policy file that correspond to applications authorized for 
installation on computers coupled to the network, and to block access to the network 
if the application is not authorized to access the network. 

13. (Original) The computer system of claim 12, wherein the application policy 
process further causes the processing unit to determine a network resource requested 
by the application, to examine the application policy file to determine if the 
application is authorized to access the network resource, and to allow access to the 
network resource if the application is authorized to access the network resource. 

14. (Original) The computer system of claim 12, wherein the application policy 
process further causes the processing unit to determine a type of network access 
requested by the application, to examine the application policy file to determine if 
the application is authorized for the type of network access requested, and to allow 
the type of network access requested if the application is authorized for the type of 
network access requested. 

15. (Original) The computer system of claim 12, wherein the application policy
process further causes the processing unit to update the application policy file, and
to re-evaluate applications currently executing against the updated policy file.

16. (Previously Amended) The computer system of claim 12, wherein the 
application identifier is in the network access request. 

17. (Original) The computer system of claim 12, wherein the application is 
executed from the memory by the processing unit. 

18. (Previously Presented) A computer-readable medium having stored thereon an 
application policy data structure comprising:

an application identifier field containing data identifying an application that 
is authorized for installation on computer coupled to a network; 

a network identifier field containing data identifying a entity that is 
accessible by the application identified by the application identifier field; and 

an access flag field containing data specifying whether the application 
identified by the application identifier field is allowed access to the entity identified 
by the network identifier field. 

19. (Original) The computer-readable medium of claim 18 further comprising: 

an additional policy rule field containing data specifying whether the 
application identified by the application identifier field is allowed a particular type 
of access to the entity identified by the network identifier field. 

20. (Original) The computer-readable medium of claim 18 further comprising: 

a response field containing data specifying an action to performed if the 
application identified by the application identifier field attempts access to the entity 
identified by the network identifier field and the access is not allowed. 

21. (Original) The computer-readable medium of claim 18, wherein the entity is 
selected from the group consisting of a network and a network resource. 

22. (Previously Presented) The method of claim 5, wherein the application identifier 
is selected from the group consisting of a file name of the application and a path on 
the network. 

23. (Previously Presented) The method of claim 5, wherein a plurality of the 
application identifiers are associated with each application, and each of the 
application identifiers corresponds to a different network address assigned to the 
corresponding application. 

24. (Previously Presented) The method of claim 1, wherein each application entry in 
the application policy file comprises a set of access policy rules for one of a network 
and a network resource identified by a network identifier. 

25. (Previously Presented) The method of claim 24, wherein the network identifier is 
selected from the group consisting of a network address range and a Universal 
Naming Convention path. 

26. (Previously Presented) The method of claim 24, wherein the set of access policy 
rules includes a first rule that allows DNS service from a specified network server, 
and a second rule that disallows FTP with respect to specified addresses. 

27. (Previously Presented) The method of claim 26, wherein a null setting for an 
access flag is interpreted as one of allowing and disallowing all access to a network 
specified by the network identifier. 

28. (Previously Presented) The method of claim 1 wherein the application policy file 
includes an application identifier, a network identifier, an access flag, additional 
policy rules, and at least one application entry. 

29. (Previously Presented) A computerized method for execution on a computer 
coupled to a network to restrict network access by an application executing on the 
computer, the method comprising: 

detecting a network request from the application, the request comprising at 
least one of an identifier and entity and a type of network access, wherein the entity 
is one of a network and a network resource; 

examining an application policy file to determine if the application is 
authorized to access the entity by comparing an identifier for the application with 
identifiers in the application policy file that correspond to applications authorized for 
installation on computers coupled to the network, wherein each application entry in 
the application policy file comprises a set of access policy rules for a network 
corresponding to a network identifier, the network identifier comprising at least one 
of a network address range and a Universal Naming Convention path, and wherein 
the application policy file further comprises an access flag having a null setting that 
is interpreted as one of allowing and disallowing all access to a network specified by 
the network identifier; 

blocking access to the entity if the application is not authorized to access the 
entity; and 

re-evaluating applications currently executing against any updated 
application policy file, 

wherein a plurality of the application identifiers are associated with each application, 
each application identifier corresponding to a different network address assigned to 
the corresponding application, and wherein each application identifier is one of a file 
name of the application and a path on the network. 
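
The policy data structure of claims 18-20 and the rule evaluation of claims 24-27, with the re-evaluation step of claims 15 and 29, can be illustrated as follows. This is an added example, not part of the brief or the application; the class and function names, the sample entries, the first-match and rule-over-flag precedence, and the restriction of the network identifier to an address range are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class PolicyEntry:                  # hypothetical layout of one application entry
    app_ids: set                    # application identifier field: file names or paths
    network: str                    # network identifier field: address range (CIDR)
    access: Optional[bool]          # access flag; None models the null setting
    rules: dict = field(default_factory=dict)   # additional policy rules: type -> allowed
    response: str = "block"         # response field: action when access is not allowed

def evaluate(policy, app_id, dest_ip, access_type, null_allows=False):
    """Return (allowed, action); unlisted applications and networks are blocked."""
    addr = ipaddress.ip_address(dest_ip)
    for entry in policy:
        if app_id.lower() not in entry.app_ids:
            continue
        if addr not in ipaddress.ip_network(entry.network):
            continue
        if access_type in entry.rules:      # assumption: a type rule overrides the flag
            allowed = entry.rules[access_type]
        elif entry.access is None:          # null flag: allow all or disallow all
            allowed = null_allows
        else:
            allowed = entry.access
        return (allowed, "allow" if allowed else entry.response)
    return (False, "block")

def reevaluate(policy, active, null_allows=False):
    """After a policy update, list active connections that are no longer permitted."""
    return [c for c in active if not evaluate(policy, *c, null_allows=null_allows)[0]]

# Constructed sample policy (documentation address ranges, made-up application names).
POLICY = [
    PolicyEntry({"resolver.exe"}, "192.0.2.53/32", False, {"dns": True}),
    PolicyEntry({"ftpclient.exe", r"\\fileserver\apps\ftpclient.exe"},
                "198.51.100.0/24", True, {"ftp": False}, "block_and_log"),
    PolicyEntry({"mail.exe"}, "203.0.113.0/24", None),
]
```
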

IX APPENDIX LISTING ANY EVIDENCE RELIED ON BY THE APPELLANT 
IN THE APPEAL (37 C.F.R. § 41.37(c)(1)(ix)) 

There is no such evidence. 

In the event a telephone conversation would expedite the prosecution of this application, the 
Examiner may reach the undersigned at (408) 971-2573. For payment of any additional fees due in 
connection with the filing of this paper, the Commissioner is authorized to charge such fees to 
Deposit Account No. 50-1351 (Order No. NAI1P351_01.012.01). 



Respectfully submitted, 

Date: 

Kevin J. Zilka 
Reg. No. 41,429 

Zilka-Kotab, P.C. 
P.O. Box 721120 
San Jose, California 95172-1120 
Telephone: (408) 971-2573 
Facsimile: (408) 971-4660 



